CVE-2026-53810
Analyzed Analyzed - Analysis Complete

Code Execution via Malicious Extension Metadata in OpenClaw

Vulnerability report for CVE-2026-53810, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-11

Last updated on: 2026-06-12

Assigner: VulnCheck

Description

OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points, bypassing security scanning.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-11
Last Modified
2026-06-12
Generated
2026-07-02
AI Q&A
2026-06-12
EPSS Evaluated
2026-06-30
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.5.18 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-829 The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not explicitly address how the CVE-2026-53810 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability exists in OpenClaw versions before 2026.5.18 and involves a code execution flaw. Specifically, the marketplace runtime extension metadata can be manipulated to redirect the loading process toward unscanned package payloads. Attackers who have trusted operator access can exploit this by altering the extension metadata to load plugin code from outside the reviewed and security-scanned package entry points, effectively bypassing security scanning.

Impact Analysis

The vulnerability allows attackers with trusted operator access to execute arbitrary code by loading unscanned and potentially malicious plugin code. This can lead to unauthorized code execution within the OpenClaw environment, potentially compromising system integrity, confidentiality, and availability.

Mitigation Strategies

To mitigate the vulnerability in OpenClaw versions prior to 2026.5.18, you should upgrade to version 2026.5.18 or later where the issue is patched.

  • Install only trusted plugins.
  • Keep plugin allowlists explicit.
  • Maintain narrow channel and tool allowlists.
  • Avoid sharing Gateways between untrusted users.
  • Disable the affected marketplace runtime extension metadata feature if it is not necessary.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53810. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart